
/*
 * Copyright (C) 2010 Bitglue. All rights reserved.
 *
 * $Id: UserMgmtController.java bself $
 */

package com.bitglue.web.admin.webmvc;

import com.bitglue.hibernate.dao.AdminUserDAO;
import com.bitglue.hibernate.model.AdminUser;
import com.bitglue.web.admin.webmvc.model.UserMgmtModel;

import java.io.PrintWriter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.log4j.Logger;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.SessionAttributes;
import org.springframework.web.servlet.ModelAndView;

/**
 * UserMgmtController manages admin console users.
 * @author Bryan Patrick Self
 */
@Transactional
@Controller("usermgmtController")
@SessionAttributes(types = UserMgmtModel.class)
public class UserMgmtController {

    protected final Logger log = Logger.getLogger(getClass());

    @Autowired
    protected AdminUserDAO adminUserDAO;

    @RequestMapping(value = "/usermgmt.do", method = RequestMethod.GET)
    public ModelAndView usermgmtSetup(HttpServletRequest req) {
        log.debug("creating new user management model for client "
          + req.getRemoteAddr());
        UserMgmtModel userModel = new UserMgmtModel();
        userModel.setAdminUsers(adminUserDAO.getAdminUsers());
        return new ModelAndView("userManagement", "userModel", userModel);
    }

    @Transactional
    @RequestMapping(value = "/updateUser.do")
    public void updateUser(@RequestParam("USERNAME") String username,
      @RequestParam("REALNAME") String realname,
      @RequestParam("DEPARTMENT") String department,
      @RequestParam("EMAIL") String email,
      @RequestParam("TITLE") String title,
      @RequestParam("PASSWORD") String password,
      @RequestParam("ID") int id,
      HttpServletRequest req, HttpServletResponse resp) throws Exception {
        log.debug("updating user for client " + req.getRemoteAddr());
        PrintWriter pw = new PrintWriter(resp.getOutputStream());
        AdminUser user = null;
        try {
            if (id != -1) {
                user = adminUserDAO.getAdminUserById(id);
                if (user == null) {
                    throw new RuntimeException("cannot locate user "
                      + "with id of " + id);
                }
            } else
                user = new AdminUser();
            user.setUsername(username);
            user.setRealname(realname);
            user.setDepartment(department);
            user.setEmail(email);
            user.setTitle(title);
            if (!"".equals(password))
                user.setPasswordHash(AdminUser.md5hash(password));
            log.debug("using adminUserDAO to update user "
              + user.getUsername());
            adminUserDAO.storeAdminUser(user);
            String msg = "updated user " + user.getUsername()
              + " in database";
            log.debug(msg);
            pw.print("SUCCESS: " + msg);

        } catch (Exception ex) {
            log.debug(ex);
            pw.println("FAIL: user update failed->" + ex);
        } finally {
            pw.flush();
            pw.close();
        }
    }

    @Transactional
    @RequestMapping(value = "/deleteUser.do")
    public void updateUser(@RequestParam("ID") int id,
      HttpServletRequest req, HttpServletResponse resp) throws Exception {
        PrintWriter pw = new PrintWriter(resp.getOutputStream());
        try {
            adminUserDAO.deleteAdminUserById(id);
            pw.print("SUCCESS: deleted admin user with id of " + id);
        } catch (Exception ex) {
            log.debug(ex);
            pw.print("FAIL: delete of admin user id "
              + id + " failed->" + ex);
        } finally {
            pw.flush();
            pw.close();
        }
    }

}
